frontend: simplify authentication guards, and refactor logout and getUserRoles method in AuthService and associated code

2025-05-31 00:18:08 +02:00 · 2025-05-31 00:18:08 +02:00 · 56f0f05d5f
commit 56f0f05d5f
parent 1a94a24329
4 changed files with 20 additions and 42 deletions
--- a/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts
+++ b/frontend/projects/shared-meet-components/src/lib/guards/auth.guard.ts
@ -12,38 +12,18 @@ import { AuthService, ContextService, HttpService, SessionStorageService } from

 export const checkUserAuthenticatedGuard: CanActivateFn = async (
 	route: ActivatedRouteSnapshot,
-	_state: RouterStateSnapshot
+	state: RouterStateSnapshot
 ) => {
 	const authService = inject(AuthService);
 	const router = inject(Router);

-	// Check if the route allows skipping authentication
-	const { checkSkipAuth } = route.data;
-	if (checkSkipAuth) {
-		const contextService = inject(ContextService);
-		const isAuthRequired = await contextService.isAuthRequiredToCreateRooms();
-
-		if (!isAuthRequired) {
-			return true;
-		}
-	}
-
 	// Check if user is authenticated
 	const isAuthenticated = await authService.isUserAuthenticated();
 	if (!isAuthenticated) {
-		// Redirect to the login page specified in the route data when user is not authenticated
-		const { redirectToWhenUnauthorized } = route.data;
-		return router.createUrlTree([redirectToWhenUnauthorized]);
-	}
-
-	// Check if the user has the expected roles
-	const { expectedRoles } = route.data;
-	const userRole = await authService.getUserRole();
-
-	if (!expectedRoles.includes(userRole)) {
-		// Redirect to the page specified in the route data when user has an invalid role
-		const { redirectToWhenInvalidRole } = route.data;
-		return router.createUrlTree([redirectToWhenInvalidRole]);
+		// Redirect to the login page
+		return router.createUrlTree(['login'], {
+			queryParams: { redirectTo: state.url }
+		});
 	}

 	// Allow access to the requested page
@ -85,7 +65,7 @@ export const checkParticipantRoleAndAuthGuard: CanActivateFn = async (
 		}
 	}

-	const authMode = await contextService.getAuthModeToEnterRoom();
+	const authMode = await contextService.getAuthModeToAccessRoom();

 	// If the user is a moderator and the room requires authentication for moderators only,
 	// or if the room requires authentication for all users,
@ -122,9 +102,8 @@ export const checkUserNotAuthenticatedGuard: CanActivateFn = async (
 	// Check if user is not authenticated
 	const isAuthenticated = await authService.isUserAuthenticated();
 	if (isAuthenticated) {
-		// Redirect to the page specified in the route data
-		const { redirectTo } = route.data;
-		return router.createUrlTree([redirectTo]);
+		// Redirect to the console page
+		return router.createUrlTree(['console']);
 	}

 	// Allow access to the requested page
--- a/frontend/projects/shared-meet-components/src/lib/interceptors/http.interceptor.ts
+++ b/frontend/projects/shared-meet-components/src/lib/interceptors/http.interceptor.ts
@ -25,15 +25,14 @@ export const httpInterceptor: HttpInterceptorFn = (req: HttpRequest<unknown>, ne
 				console.log('Access token refreshed');
 				return next(req);
 			}),
-			catchError((error: HttpErrorResponse) => {
+			catchError(async (error: HttpErrorResponse) => {
 				if (error.url?.includes('/auth/refresh')) {
 					console.error('Error refreshing access token');

 					// If the original request was not to the profile endpoint, logout and redirect to the login page
 					if (!requestUrl.includes('/profile')) {
 						console.log('Logging out...');
-						const redirectTo = pageUrl.startsWith('/console') ? 'console/login' : 'login';
-						authService.logout(redirectTo, pageUrl);
+						await authService.logout(pageUrl);
 					}

 					throw firstError;
--- a/frontend/projects/shared-meet-components/src/lib/pages/console/console.component.ts
+++ b/frontend/projects/shared-meet-components/src/lib/pages/console/console.component.ts
@ -24,6 +24,6 @@ export class ConsoleComponent {
 	constructor(private authService: AuthService) {}

 	async logout() {
-		await this.authService.logout('console/login');
+		await this.authService.logout();
 	}
 }
--- a/frontend/projects/shared-meet-components/src/lib/services/auth/auth.service.ts
+++ b/frontend/projects/shared-meet-components/src/lib/services/auth/auth.service.ts
@ -32,17 +32,17 @@ export class AuthService {
 		return from(this.httpService.refreshToken());
 	}

-	async logout(redirectTo?: string, redirectToAfterLogin?: string) {
+	async logout(redirectToAfterLogin?: string) {
 		try {
 			await this.httpService.logout();
 			this.user = null;

-			if (redirectTo) {
-				const queryParams = redirectToAfterLogin
-					? { queryParams: { redirectTo: redirectToAfterLogin } }
-					: undefined;
-				this.router.navigate([redirectTo], queryParams);
-			}
+			// Redirect to login page with a query parameter if provided
+			// to redirect to the original page after login
+			const queryParams = redirectToAfterLogin
+				? { queryParams: { redirectTo: redirectToAfterLogin } }
+				: undefined;
+			this.router.navigate(['login'], queryParams);
 		} catch (error) {
 			console.error((error as HttpErrorResponse).error.message);
 		}
@ -58,9 +58,9 @@ export class AuthService {
 		return this.user?.username;
 	}

-	async getUserRole(): Promise<UserRole | undefined> {
+	async getUserRoles(): Promise<UserRole[] | undefined> {
 		await this.getAuthenticatedUser();
-		return this.user?.role;
+		return this.user?.roles;
 	}

 	private async getAuthenticatedUser(force = false) {